APT29 attacks Windows users through a loophole in the Print Queue Manager

Father

It turns out that Microsoft's proprietary tool can not only hang...

Over the past few years, security experts have observed an increase in cyber attacks on organizations in Eastern and Western Europe, as well as North America. The reason for this is hackers from the APT29 group, who actively exploit security vulnerabilities.

Researchers from Microsoft have identified the group's use of a new type of malicious software, called GooseEgg, in attacks that exploit a bug in the Windows Print Spooler component (the print queue manager) that was officially fixed in October 2022.

The vulnerability, tracked as CVE-2022-38028 with a CVSS score of 7.8, allows an attacker to gain elevated privileges on the system. Using the GooseEgg malware, attackers run programs with elevated rights, which facilitates the further spread of malware and the installation of backdoors.

According to experts, APT29's operations are often focused on intelligence gathering. Although GooseEgg is a simple launcher application, it supports several commands for triggering the vulnerability and running malicious code.

This group was also recently seen exploiting vulnerabilities in Microsoft Outlook and WinRAR to escalate privileges and execute code, highlighting their ability to quickly integrate public exploits into their operations.

To protect against APT29 attacks, Microsoft recommends patching the print queue manager vulnerability if this was not done when the fix was released, as well as actively strengthening security controls within the organization.
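As an added example (not part of the original post or of Microsoft's guidance), the following PowerShell audit script gives a defender a quick way to check whether a host still exposes the Print Spooler service and whether it has received any Windows update since 11 October 2022, the Patch Tuesday on which CVE-2022-38028 was fixed. It assumes a Windows 10/11 or Server host and does not map the fix to a specific KB number, so a "no update since then" result is a flag for manual verification, not proof of vulnerability.

```powershell
# Added audit script: reports Print Spooler state and update history relative to
# the October 2022 Patch Tuesday (2022-10-11) on which CVE-2022-38028 was fixed.
# It changes nothing on the host; it only reads service, registry and hotfix data.
$fixDate = Get-Date -Year 2022 -Month 10 -Day 11

# 1. Is the Print Spooler service present, and how is it configured to start?
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($null -eq $spooler) {
    Write-Output "Print Spooler service is not present on this host."
} else {
    $startMode = (Get-CimInstance Win32_Service -Filter "Name='Spooler'").StartMode
    Write-Output ("Print Spooler: status={0}, start mode={1}" -f $spooler.Status, $startMode)
}

# 2. OS build and update build revision (UBR), useful when comparing against
#    Microsoft's release notes for the cumulative update that shipped the fix.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
Write-Output ("Windows build: {0}.{1}" -f $cv.CurrentBuildNumber, $cv.UBR)

# 3. Any updates recorded as installed on or after the fix date?
#    (InstalledOn can be null for some entries, so filter those out first.)
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $fixDate } |
    Sort-Object InstalledOn -Descending
if ($recent) {
    Write-Output "Updates installed since 2022-10-11:"
    $recent | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize
} else {
    Write-Warning "No updates recorded since 2022-10-11; verify that the October 2022 cumulative update is installed."
}
```

Run it in an elevated PowerShell session so that Get-HotFix and the service query return complete results; on hosts that never need to print, stopping and disabling the Spooler service is a general hardening step that removes the attack surface entirely.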